Independent Evaluation Pursuant to the Government Information Security Reform Act
Fiscal Year 2002

The Office of Justice Programs' Enterprise Network System

Report No. 03-01
October 2002
Office of the Inspector General

CONCLUSION

Our review disclosed that security controls need improvement to fully protect the ENS from unauthorized use, loss, or modification. Specifically, we found vulnerabilities in the areas of life cycle controls, system security planning; personnel security; contingency planning; security awareness, training, and education; identification and authentication; and logical access controls. We assessed these vulnerabilities as a medium to high risk to the ENS. If not corrected, these security vulnerabilities threaten the data stored on the ENS with the potential for unauthorized use, loss, or modification.